qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: QPid Ruby client and SSL
Date Wed, 23 Oct 2013 10:12:33 GMT
On 10/22/2013 05:49 PM, Trevor Vaughan wrote:
> All,
>
> I've been trying to get the Ruby (cqpid) libraries to play well with the
> Qpid server without much success.
>
> I've tried setting the QPID_SSL_USE_EXPORT_POLICY and QPID_SSL_CERT_DB
> environment variables but the SSL negotiation is not completing.
>
> Testing with Openssl s_server and am getting the following error:
>
> SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1193:SSL
> alert number 42
>
> I'm not trying to use a client certificate, simply an SSL encrypted session
> and I've verified that my NSS database has the appropriate CA entries.
>
> The error remains whether or not I try to provide a client certificate per
> the C++ environment variables.
>
> Has anyone gotten this type of setup to work successfully?

Can you give a bit more detail on what your setup is? How did you start 
the broker (and just to be sure, which broker are you using)? What do 
the brokers and clients certificate dbs have in them (certutil -L -d 
<db-name>)? Did you use the fully qualified domain name when connecting? 
Did you specify port 5671?

I can certainly connect from the cqpid based ruby wrapper to the c++ 
broker (i.e. qpidd) over SSL using a cert for the server that is signed 
by a test CA whose certificate is imported into the clients cert db, 
with or without the export policy turned on.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message